From 391476f38e0b67288b2e4109fffca208022fb184 Mon Sep 17 00:00:00 2001 From: mboelen Date: Fri, 30 Jan 2015 18:09:18 +0100 Subject: Improvements to report output, including custom URLs --- include/report | 383 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 195 insertions(+), 188 deletions(-) diff --git a/include/report b/include/report index d725215d..f124f11b 100644 --- a/include/report +++ b/include/report @@ -18,220 +18,227 @@ # ################################################################################# # - logtextbreak - #if [ ${QUIET} -eq 0 ]; then -# echo "" -# echo " ---------------------------------------------------" -# echo " Program version: ${PROGRAM_version}" -# echo " Operating system: ${OS_NAME}" -# echo " Operating system version: ${OS_VERSION}" -# if [ ! "${OS_MODE}" = "" ]; then echo " Operating system mode: ${OS_MODE}"; fi -# echo " Kernel version: ${OS_KERNELVERSION}" -# echo " Hardware platform: ${HARDWARE}" -# echo " Hostname: ${HOSTNAME}" -# echo " Auditor: ${AUDITORNAME}" -# echo " Profile: ${PROFILE}" -# echo " Log file: ${LOGFILE}" -# echo " Report file: ${REPORTFILE}" -# echo " Report version: ${REPORT_version}" -# echo " ---------------------------------------------------" -# fi -# -################################################################################# -# -# Hardening Index -# Define approximately how strong a machine has been hardened -# -################################################################################# -# - # If no hardening has been found, set value to 1 - if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi - HPINDEX=`expr $HPPOINTS \* 100 / $HPTOTAL` - HPAOBLOCKS=`expr $HPPOINTS \* 20 / $HPTOTAL` - # Set color related to rating - if [ ${HPINDEX} -lt 50 ]; then - HPCOLOR="${RED}" - HIDESCRIPTION="System has not or a low amount been hardened" - fi - if [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then - HPCOLOR="${YELLOW}" - HIDESCRIPTION="System has been hardened, but could use additional hardening" - fi - if [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then - HPCOLOR="${GREEN}" - HIDESCRIPTION="System seem to be decent hardened" - fi - if [ ${HPINDEX} -gt 89 ]; then - HPCOLOR="${GREEN}" - HIDESCRIPTION="System seem to be well hardened" - fi - case ${HPAOBLOCKS} in - 0) HPBLOCKS="#"; HPEMPTY=" " ;; - 1) HPBLOCKS="#"; HPEMPTY=" " ;; - 2) HPBLOCKS="##"; HPEMPTY=" " ;; - 3) HPBLOCKS="###"; HPEMPTY=" " ;; - 4) HPBLOCKS="####"; HPEMPTY=" " ;; - 5) HPBLOCKS="#####"; HPEMPTY=" " ;; - 6) HPBLOCKS="######"; HPEMPTY=" " ;; - 7) HPBLOCKS="#######"; HPEMPTY=" " ;; - 8) HPBLOCKS="########"; HPEMPTY=" " ;; - 9) HPBLOCKS="#########"; HPEMPTY=" " ;; - 10) HPBLOCKS="##########"; HPEMPTY=" " ;; - 11) HPBLOCKS="###########"; HPEMPTY=" " ;; - 12) HPBLOCKS="############"; HPEMPTY=" " ;; - 13) HPBLOCKS="#############"; HPEMPTY=" " ;; - 14) HPBLOCKS="##############"; HPEMPTY=" " ;; - 15) HPBLOCKS="###############"; HPEMPTY=" " ;; - 16) HPBLOCKS="################"; HPEMPTY=" " ;; - 17) HPBLOCKS="#################"; HPEMPTY=" " ;; - 18) HPBLOCKS="##################"; HPEMPTY=" " ;; - 19) HPBLOCKS="###################"; HPEMPTY=" " ;; - 20) HPBLOCKS="####################"; HPEMPTY="" ;; - esac - - HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]" - logtext "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]" - logtext "Hardening strength: ${HIDESCRIPTION}" - report "hardening_index=${HPINDEX}" - -# -################################################################################# -# -# Show test results overview -# -################################################################################# -# # Only show overview if not running in quiet mode if [ ${QUIET} -eq 0 ]; then echo ""; echo "================================================================================" echo ""; echo " -[ ${WHITE}${PROGRAM_name} ${PROGRAM_version} Results${NORMAL} ]-" echo ""; - # Show warnings from logfile - SWARNINGS=`cat ${LOGFILE} | grep -i 'warning:' | sed 's/ /!space!/g'` + if [ ${SHOW_REPORT} -eq 1 ]; then + + logtextbreak + # + ################################################################################# + # + # Hardening Index + # Define approximately how strong a machine has been hardened + # + ################################################################################# + # + # If no hardening has been found, set value to 1 + if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi + HPINDEX=`expr $HPPOINTS \* 100 / $HPTOTAL` + HPAOBLOCKS=`expr $HPPOINTS \* 20 / $HPTOTAL` + # Set color related to rating + if [ ${HPINDEX} -lt 50 ]; then + HPCOLOR="${RED}" + HIDESCRIPTION="System has not or a low amount been hardened" + fi + if [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then + HPCOLOR="${YELLOW}" + HIDESCRIPTION="System has been hardened, but could use additional hardening" + fi + if [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then + HPCOLOR="${GREEN}" + HIDESCRIPTION="System seem to be decent hardened" + fi + if [ ${HPINDEX} -gt 89 ]; then + HPCOLOR="${GREEN}" + HIDESCRIPTION="System seem to be well hardened" + fi + + case ${HPAOBLOCKS} in + 0) HPBLOCKS="#"; HPEMPTY=" " ;; + 1) HPBLOCKS="#"; HPEMPTY=" " ;; + 2) HPBLOCKS="##"; HPEMPTY=" " ;; + 3) HPBLOCKS="###"; HPEMPTY=" " ;; + 4) HPBLOCKS="####"; HPEMPTY=" " ;; + 5) HPBLOCKS="#####"; HPEMPTY=" " ;; + 6) HPBLOCKS="######"; HPEMPTY=" " ;; + 7) HPBLOCKS="#######"; HPEMPTY=" " ;; + 8) HPBLOCKS="########"; HPEMPTY=" " ;; + 9) HPBLOCKS="#########"; HPEMPTY=" " ;; + 10) HPBLOCKS="##########"; HPEMPTY=" " ;; + 11) HPBLOCKS="###########"; HPEMPTY=" " ;; + 12) HPBLOCKS="############"; HPEMPTY=" " ;; + 13) HPBLOCKS="#############"; HPEMPTY=" " ;; + 14) HPBLOCKS="##############"; HPEMPTY=" " ;; + 15) HPBLOCKS="###############"; HPEMPTY=" " ;; + 16) HPBLOCKS="################"; HPEMPTY=" " ;; + 17) HPBLOCKS="#################"; HPEMPTY=" " ;; + 18) HPBLOCKS="##################"; HPEMPTY=" " ;; + 19) HPBLOCKS="###################"; HPEMPTY=" " ;; + 20) HPBLOCKS="####################"; HPEMPTY="" ;; + esac + + HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]" + logtext "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]" + logtext "Hardening strength: ${HIDESCRIPTION}" + report "hardening_index=${HPINDEX}" + + # + ################################################################################# + # + # Show test results overview + # + ################################################################################# + # + if [ "${CONTROL_URL_PREPEND}" = "" ]; then CONTROL_URL_PREPEND="https://cisofy.com/controls/"; fi + if [ "${CONTROL_URL_APPEND}" = "" ]; then CONTROL_URL_APPEND="/"; fi + if [ "${CUSTOM_URL_PREPEND}" = "" ]; then CUSTOM_URL_PREPEND="https://your-domain.example.org/controls/"; fi + if [ "${CUSTOM_URL_APPEND}" = "" ]; then CUSTOM_URL_APPEND="/"; fi + + # Show warnings from logfile + SWARNINGS=`cat ${LOGFILE} | grep -i 'warning:' | sed 's/ /!space!/g'` + + if [ "${SWARNINGS}" = "" ]; then + echo " ${OK}No warnings${NORMAL}"; echo "" + else + echo " ${WARNING}Warnings${NORMAL}:" + echo " ${WHITE}----------------------------${NORMAL}" + for WARNING in ${SWARNINGS}; do + SHOWWARNING=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: //'` + ADDLINK=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: \(.*\)\[//' | sed 's/\]//'` + IS_CUSTOM=`echo ${ADDLINK} | grep "^CUST"` + echo " ${WHITE}- ${SHOWWARNING}${NORMAL}" + if [ "${IS_CUSTOM}" = "" ]; then + echo " ${CONTROL_URL_PREPEND}${ADDLINK}${CONTROL_URL_APPEND}" + else + echo " ${CUSTOM_URL_PREPEND}${ADDLINK}${CUSTOM_URL_APPEND}" + fi + echo "" + done + fi - if [ "${SWARNINGS}" = "" ]; then - echo " ${OK}No warnings${NORMAL}"; echo "" - else - echo " ${WARNING}Warnings${NORMAL}:" - echo " ${WHITE}----------------------------${NORMAL}" - for WARNING in ${SWARNINGS}; do - SHOWWARNING=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: //'` - ADDLINK=`echo ${WARNING} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Warning: \(.*\)\[//' | sed 's/\]//'` - echo " ${WHITE}- ${SHOWWARNING}${NORMAL}" - echo " https://cisofy.com/controls/${ADDLINK}/" + # Show suggestions from logfile + SSUGGESTIONS=`grep -i 'suggestion:' ${LOGFILE} | sed 's/ /!space!/g'` + + if [ "${SSUGGESTIONS}" = "" ]; then + echo " ${OK}No suggestions${NORMAL}"; echo "" + else + echo " ${YELLOW}Suggestions${NORMAL}:" + echo " ${WHITE}----------------------------${NORMAL}" + for SUGGESTION in ${SSUGGESTIONS}; do + SHOWSUGGESTION=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: //'` + ADDLINK=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: \(.*\)\[//' | sed 's/\]//'` + IS_CUSTOM=`echo ${ADDLINK} | grep "^CUST"` + echo " - ${SHOWSUGGESTION}" + if [ "${IS_CUSTOM}" = "" ]; then + echo " ${CONTROL_URL_PREPEND}${ADDLINK}${CONTROL_URL_APPEND}" + else + echo " ${CUSTOM_URL_PREPEND}${ADDLINK}${CUSTOM_URL_APPEND}" + fi + done echo "" - done - fi + fi - # Show suggestions from logfile - SSUGGESTIONS=`grep -i 'suggestion:' ${LOGFILE} | sed 's/ /!space!/g'` - - if [ "${SSUGGESTIONS}" = "" ]; then - echo " ${OK}No suggestions${NORMAL}"; echo "" - else - echo " ${YELLOW}Suggestions${NORMAL}:" - echo " ${WHITE}----------------------------${NORMAL}" - for SUGGESTION in ${SSUGGESTIONS}; do - SHOWSUGGESTION=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: //'` - ADDLINK=`echo ${SUGGESTION} | sed 's/!space!/ /g' | sed 's/^\[\(.*\)\] Suggestion: \(.*\)\[//' | sed 's/\]//'` - echo " - ${SHOWSUGGESTION}" - echo " https://cisofy.com/controls/${ADDLINK}/" - done + if [ ! "${SWARNINGS}" = "" -o ! "${SSUGGESTIONS}" = "" ]; then + echo " ${CYAN}Follow-up${NORMAL}:" + echo " ${WHITE}----------------------------${NORMAL}" + echo " ${WHITE}-${NORMAL} Check the logfile for more details (less $LOGFILE)" + echo " ${WHITE}-${NORMAL} Read security controls texts (https://cisofy.com)" + echo " ${WHITE}-${NORMAL} Use --upload to upload data (Lynis Enterprise users)" + echo "" + fi + echo "================================================================================" + echo " ${WHITE}Lynis Scanner (details)${NORMAL}:" echo "" - fi - - if [ ! "${SWARNINGS}" = "" -o ! "${SSUGGESTIONS}" = "" ]; then - echo " ${CYAN}Follow-up${NORMAL}:" - echo " ${WHITE}----------------------------${NORMAL}" - echo " ${WHITE}-${NORMAL} Check the logfile for more details (less $LOGFILE)" - echo " ${WHITE}-${NORMAL} Read security controls texts (https://cisofy.com)" - echo " ${WHITE}-${NORMAL} Use --upload to upload data (Lynis Enterprise users)" + echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}" + echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}" + echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}" + echo "" + echo " ${SECTION}Lynis Modules${NORMAL}:" + echo " - Heuristics Check [${WHITE}NA${NORMAL}] - Security Audit [${GREEN}V${NORMAL}]" + if [ ${LYNIS_COMPLIANCE_TESTS} -eq 1 ]; then COMPLIANCE="${GREEN}V"; else COMPLIANCE="${RED}X"; fi + echo " - Compliance Tests [${COMPLIANCE}${NORMAL}] - Vulnerability Scan [${GREEN}V${NORMAL}]" + echo "" + echo " ${SECTION}Files${NORMAL}:" + echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}" + echo " - Report data : ${WHITE}${REPORTFILE}${NORMAL}" echo "" - fi - echo "================================================================================" - echo " ${WHITE}Lynis Scanner (details)${NORMAL}:" - echo "" - echo " ${CYAN}Hardening index${NORMAL} : ${WHITE}${HPINDEX}${NORMAL} ${HPGRAPH}" - echo " ${CYAN}Tests performed${NORMAL} : ${WHITE}${CTESTS_PERFORMED}${NORMAL}" - echo " ${CYAN}Plugins enabled${NORMAL} : ${WHITE}${N_PLUGIN_ENABLED}${NORMAL}" - echo "" - echo " ${SECTION}Lynis Modules${NORMAL}:" - echo " - Heuristics Check [${WHITE}NA${NORMAL}] - Security Audit [${GREEN}V${NORMAL}]" - if [ ${LYNIS_COMPLIANCE_TESTS} -eq 1 ]; then COMPLIANCE="${GREEN}V"; else COMPLIANCE="${RED}X"; fi - echo " - Compliance Tests [${COMPLIANCE}${NORMAL}] - Vulnerability Scan [${GREEN}V${NORMAL}]" - echo "" - echo " ${SECTION}Files${NORMAL}:" - echo " - Test and debug information : ${WHITE}${LOGFILE}${NORMAL}" - echo " - Report data : ${WHITE}${REPORTFILE}${NORMAL}" - echo "" - echo "================================================================================" - if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then - echo " ${NOTICE}Notice: ${WHITE}${PROGRAM_name} update available${NORMAL}" - echo " Current version : ${WHITE}${PROGRAM_AC}${NORMAL} Latest version : ${WHITE}${PROGRAM_LV}${NORMAL}" echo "================================================================================" - else - ########################################################################################### - # - # Software quality program - # Only provide this hint when the tool is at the latest version - # - ########################################################################################### - - if [ ! "${PROGRAM_LV}" = "0" -a ! "${REPORTFILE}" = "" -a ! "${REPORTFILE}" = "/dev/null" ]; then - # Determine if the quality of the program can be increased by filtering out the exceptions - FIND=`${GREPBINARY} "^exception" ${REPORTFILE}` - if [ ! "${FIND}" = "" ]; then - echo "" - echo " ${RED}Exceptions found${NORMAL}" - echo " ${WHITE}Some exceptional events or information was found!${NORMAL}" - echo "" - echo " ${CYAN}What to do:${NORMAL}" - echo " You can help improving Lynis by providing your report file." - echo " Go to https://cisofy.com/contact/ and send your file to the e-mail address listed" - echo "" - echo "================================================================================" + if [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then + echo " ${NOTICE}Notice: ${WHITE}${PROGRAM_name} update available${NORMAL}" + echo " Current version : ${WHITE}${PROGRAM_AC}${NORMAL} Latest version : ${WHITE}${PROGRAM_LV}${NORMAL}" + echo "================================================================================" + else + ########################################################################################### + # + # Software quality program + # Only provide this hint when the tool is at the latest version + # + ########################################################################################### + + if [ ! "${PROGRAM_LV}" = "0" -a ! "${REPORTFILE}" = "" -a ! "${REPORTFILE}" = "/dev/null" ]; then + # Determine if the quality of the program can be increased by filtering out the exceptions + FIND=`${GREPBINARY} "^exception" ${REPORTFILE}` + if [ ! "${FIND}" = "" ]; then + echo "" + echo " ${RED}Exceptions found${NORMAL}" + echo " ${WHITE}Some exceptional events or information was found!${NORMAL}" + echo "" + echo " ${CYAN}What to do:${NORMAL}" + echo " You can help improving Lynis by providing your report file." + echo " Go to https://cisofy.com/contact/ and send your file to the e-mail address listed" + echo "" + echo "================================================================================" + fi fi fi - fi - # Display what tests are skipped in non-privileged scan for awareness - if [ ${PENTESTINGMODE} -eq 1 -a ! "${SKIPPED_TESTS_ROOTONLY}" = "" ]; then - echo "" - echo " ${PURPLE}Skipped tests due to non-privileged scan${NORMAL}" - - FIND=`echo ${SKIPPED_TESTS_ROOTONLY} | sed 's/ /:space:/g'` - # Split entries - FIND=`echo ${FIND} | sed 's/====/ /g'` - # Display found entries - for I in ${FIND}; do - J=`echo ${I} | sed 's/:space:/ /g'` - echo " ${J}" - done - echo "" - echo "================================================================================" - fi + # Display what tests are skipped in non-privileged scan for awareness + if [ ${PENTESTINGMODE} -eq 1 -a ! "${SKIPPED_TESTS_ROOTONLY}" = "" ]; then + echo "" + echo " ${PURPLE}Skipped tests due to non-privileged scan${NORMAL}" + + FIND=`echo ${SKIPPED_TESTS_ROOTONLY} | sed 's/ /:space:/g'` + # Split entries + FIND=`echo ${FIND} | sed 's/====/ /g'` + # Display found entries + for I in ${FIND}; do + J=`echo ${I} | sed 's/:space:/ /g'` + echo " ${J}" + done + echo "" + echo "================================================================================" + fi - if [ ${SHOW_TOOL_TIPS} -eq 1 ]; then - echo " Tip: Disable all tests which are not relevant or are too strict for the" - echo " purpose of this particular machine. This will remove unwanted suggestions" - echo " and also boost the hardening index. Each test should be properly analyzed" - echo " to see if the related risks can be accepted, before disabling the test." - echo "================================================================================" + if [ ${SHOW_TOOL_TIPS} -eq 1 ]; then + echo " Tip: Disable all tests which are not relevant or are too strict for the" + echo " purpose of this particular machine. This will remove unwanted suggestions" + echo " and also boost the hardening index. Each test should be properly analyzed" + echo " to see if the related risks can be accepted, before disabling the test." + echo "================================================================================" + fi + + + + echo ""; echo "" fi + fi + + if [ ${QUIET} -eq 0 ]; then + echo " ${PROGRAM_name} ${PROGRAM_version}" echo " ${PROGRAM_copyright}" echo " ${WHITE}${PROGRAM_extrainfo}${NORMAL}" echo "================================================================================" - - - echo ""; echo "" fi # #================================================================================ -# Lynis - Copyright 2007-2015, Michael Boelen - cisofy.com - The Netherlands +# Lynis - Copyright 2007-2015, Michael Boelen, CISOfy - https://cisofy.com -- cgit v1.2.3